A few weeks ago I finally purchased my Nvidia Jetson TK1 development board. The Jetson board provides a Cortex-A15 CPU, a 192-core Nvidia GPU, a range of I/O ports and impressive computing power. After the success of the Raspberry Pi, and with the requirements of new mobile platforms, manufacturers such as Nvidia started to look into embedded devices and successfully launched the Tegra K1 processor. Here is my unboxing and first look at this new high-end ARM board.

I was in a bit of a hurry, and ripped the plastic wrapping. This Jetson TK1 board features the Tegra K1 processor, which contains four 32-bit Cortex-A15 CPU cores. Complementing the quad-core Cortex-A15 is a Kepler-based graphics processor with 192 CUDA cores.

The Tegra K1 is about 15 times faster than the former Tegra 2, and is the most powerful GPU in the ARM world. The GPU also supports OpenGL ES 3.0, CUDA 6.5, OpenCL 1.2, and OpenGL 4.4.

The board is also actively cooled, in contrast to other ARM boards, and has a small heat sink below the fan. The ports on the rear of the Tegra K1 Jetson board include a serial port, standard HDMI, one USB 3.0, 10/100/1000 Gigabit Ethernet, audio jacks, and a USB micro-B recovery/host port. The board also includes 2GB of DDR3L 933MHz DRAM plus 16GB of fast eMMC soldered-on storage. When running, the board is able to deliver up to 300 gigaflops.

On the 16GB of onboard storage, an ARM-based Ubuntu Linux 14.04 is already pre-installed, running the Linux 3.10.24 kernel. One of the main advantages of this ARM board is that it supports CUDA 6.5, allowing developers to take advantage of the parallel capabilities of the GPU. The CUDA toolkit is also by far one of the easiest approaches to parallel processing.

Conclusion

At a price of $1 per core ($192) this board is impressive, and demonstrates a substantial leap forward in the world of embedded systems. If you are an experienced developer looking for a high-end dev board outperforming all alternative embedded systems, this board is definitely the right choice. For more information on the board you can also visit http://elinux.org/Jetson_TK1, or look at the Tegra K1 Technical Reference Manual.

One of the brand new features introduced by NVIDIA in CUDA 6.0 is Unified Memory, which helps the programmer reduce the amount of code written and simplify it. Unified Memory helps manage memory and maximize data access speed transparently between the CPU and GPU. This is a simple C example of how to use unified memory, following a question I have seen on different forums.

This is another post about Gnuplot, and how to use multiplot to zoom in on data points or lines that can be difficult to distinguish. Multiplot lets you place a secondary plot inside the main one, “emulating” a zoom on data points by using a different scale. The secondary plot is placed at specific coordinates for clarity.

Let's create a simple plot to start with:

Simple Plot

    set title "Zoom Example"
    set xlabel ""
    set ylabel ""
    #set the scale for the example
    set yrange [1:1000000.000000]
    set ytics (1.000000,10.000000,100,1000,10000,100000,1000000) nomirror
    set logscale y
    set terminal pngcairo enhanced font 'Helvetica,10'
    set output 'example.png'
    #create the main plot
    set style data linespoints
    plot "example.dat" using 1:2 title columnheader lt -1,\
    "example1.dat" using 1:2 title columnheader lt -1

With this simple example data set:

Data1

    ID Data1
    1 2
    2 2
    3 2
    4 2

Data2

    ID Data2
    1 1.9
    2 1.9
    3 1.9
    4 1.9

Sometimes, it is not possible to plot data with a different scale, and it is impossible to distinguish different data points. It is possible to use a simple “magnifier” trick, by using the following script instead.

Magnify

    set title "Zoom Example"
    set xlabel ""
    set ylabel ""
    #set the scale for the example
    set yrange [1:1000000.000000]
    set ytics (1.000000,10.000000,100,1000,10000,100000,1000000) nomirror
    set logscale y
    set terminal pngcairo enhanced font 'Helvetica,10'
    set output 'example.png'
    #set the arrow
    set arrow from 2,2.1 to 1.6,15 lw 1 back filled
    #set multiplot
    set multiplot
    #create the main plot
    set style data linespoints
    plot "example.dat" using 1:2 title columnheader lt -1,\
    "example1.dat" using 1:2 title columnheader lt -1
    #set the specs for the second plot
    set size 0.6,0.4
    set origin 0.2,0.2
    set title 'Zoom'
    set xrange [2:3]
    set yrange [2.1:1.8]
    set ytics (2.1,1.8) nomirror
    set xlabel ""
    set ylabel ""
    unset arrow
    set grid
    #create the second plot
    set style data linespoints
    plot "example.dat" using 1:2 notitle lt -1,\
    "example1.dat" using 1:2 notitle lt -1
    #end the multiplot
    unset multiplot

Using this trick, a second plot is created with a different scale, and it looks like a simple magnifier, allowing the reader to have a clear idea of how the points are laid out, or simply placing emphasis on certain data points.

Recently I was discussing some problems occurring on my landline with my ISP’s customer service, and some connectivity issues that they couldn’t fix. After sending them a couple of traceroutes, pings and router logs, I also decided to plot some of the data for them, because they seemed to have difficulty spotting the problems.

So I made a simple bash command to store the ping time values in a file and plot it with Gnuplot. This is the command you can execute in your terminal / shell :

There seems to be a long-known bug on Manuscript Central when you try to upload a paper generated with a recent LaTeX version. When trying to upload a PDF with version < 1.4 the following error appears:

Our apologies, but the file(s) main.pdf (PDF Copy) failed to convert to the appropriate pdf and/or html file for review. You may either try uploading the file(s) again in 20 minutes, or contact the Support Team for further assistance. The Support contact information can be found by clicking the “Get Help Now” link in the upper right corner of this page.

Unfortunately MC only accepts PDFs with version 1.4 and 1.3, so the easiest way to fix your PDFs is to force the version of your LaTeX manuscript using the following command at the start of your manuscript :

I had to install Gnuplot today on OS X Mavericks. To do so, I used Homebrew, which is an easy way to install the packages that are missing from OS X and that I need for my work. After typing the following command in my terminal:

    brew install gnuplot

I obtained the following error :

Brew error

    ==> Summary
    /usr/local/Cellar/jpeg/8d: 18 files, 780K
    Error: You must `brew link libpng jpeg' before gd can be installed

I tried to link the libraries, but unfortunately I obtained this error :

This is an easy fix to solve the problem and install GnuPlot without errors :

(There are some other solutions out there, but they are way more complicated than this one)

Type the following commands in your Terminal

    $ sudo chmod 777 /usr/local/include/

    $ sudo chmod 777 /usr/local/lib

Install Gnuplot with the following command

    $ brew install gnuplot --cairo --latex --with-x --tests

Restore the rights on the ‘include’ and ‘lib’ folders, which stay writable by every local user for as long as they are set to 777

    $ sudo chmod 755 /usr/local/lib

    $ sudo chmod 755 /usr/local/include/

You can now use GnuPlot on OS X Mavericks.

Note: If you have any problems, please check the comments, and if you found a solution to a problem, please post it as a comment for future users. Thanks to all the people who contribute and contributed in the comments.

Recently I had to compile CUDA code that had been written for a version of CUDA earlier than 5.0, and encountered errors with an old library. After a quick Google search on the Nvidia website and some forums, I discovered that the library I was trying to use had been replaced in the latest versions of CUDA. This is a quick fix if you need to compile code that includes the following deprecated library:

    #include <cutil_inline.h>

Simply replace this library with the following :

    #include <helper_cuda.h>

In the old code the following function was used :

    cutilSafeCall(x);

To avoid modifying the multiple files I simply added this line :

    #define cutilSafeCall(x) checkCudaErrors(x)

Also I replaced all occurrences of :

    cutilDeviceSynchronize();

by :

    cudaDeviceSynchronize();

and added this line as well :

    #define cutilCheckMsg(x) getLastCudaError(x)

I was now able to compile the old code, and run it with CUDA 5.5. I hope this helps.

This morning, I received a spam direct message on Twitter, and of course, I thought that the person’s account had been somehow compromised, and as usual, I sent a small tweet saying, “Your account has been compromised, you might have to change your password”. An instant later, I received a tweet from the same person, saying that he had actually received multiple DMs from his followers, including me, with the same or similar links.

As a usual procedure, I checked my account, changed my password, checked my phone for any login text from Twitter, and looked to see if these messages appeared in my DM list. My phone had not received any login text from Twitter, and I had not sent any DM to anybody. The only possibility left: “There is a way to sp00f messages from your followers”.

Out of curiosity, I decided to look into the purpose of the link, and without opening the DM, I copied the link into VMware, and opened it in my “lab” virtual machine, and this is what I found out :

Analysis :

I started by opening the link in Firefox and was redirected to a “Financial Website”.

Financial Spoofing website

At first sight, the website could have looked legit; however, there had been multiple redirections before I landed on that page. The link received in the direct message was supposed to be a website hosted by OVH, selling mechanical solutions. The information about the website was obtained via Netcraft.

Netcraft Infos

Following this information, OVH was contacted, to let them know that one of their clients’ websites had been compromised, hoping they would contact the client and let them know that their website had been partially deleted and modified for malicious purposes.

To get an idea of how the redirection was made, I downloaded the “Request Policy” add-on for Firefox, allowing me to avoid being redirected when visiting the link embedded in the Direct Message.

In the sources, the following script was found :

Sources of post_viev.html

    <html><script type="text/javascript">
    <!--
    function rand(min,max)
    {
    return Math.floor(Math.random()*(max-min+1))+min;
    }
    var urls=
    [
    'http://xxxxxxxxx/indexer.php?a=273120&c=job&s=wwwflash',
    'http://xxxxxxxxx/indexer.php?a=273120&c=job&s=wflash',
    'http://xxxxxxxxx/indexer.php?a=273120&c=job&s=wwflash',
    'http://xxxxxxxxx/indexer.php?a=273120&c=job&s=flash'
    ];
    redir=urls[rand(0,urls.length-1)]+rand(11,999);
    document.location.href=redir;
    //-->
    </script></html>

The script is easy to understand: one of four URLs is chosen at random, a random number between 11 and 999 is appended to it, and the user is redirected to the result. That page then redirects the user again to the last page (the fake financial website). In between, however, a fourth page is loaded, forcing the user to visit a page that generates revenue. The same technique is used for every link the “financial website” contains.
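The redirect targets can also be read out of a saved copy of such a page without loading it in a browser. The following is an added example, not code from the original post; the function names are hypothetical, the sample page is constructed and `redirector.example` is a placeholder host.

```javascript
// Added example: static triage of a saved redirector page; nothing is loaded or run.
// SAMPLE_PAGE is constructed; redirector.example is a placeholder host.
const SAMPLE_PAGE = `<html><script type="text/javascript">
<!--
function rand(min, max) { return Math.floor(Math.random() * (max - min + 1)) + min; }
var urls = [
  'http://redirector.example/indexer.php?a=273120&c=job&s=wwwflash',
  'http://redirector.example/indexer.php?a=273120&c=job&s=wflash'
];
redir = urls[rand(0, urls.length - 1)] + rand(11, 999);
document.location.href = redir;
//-->
</script></html>`;

// Script-level navigation sinks that move the browser without a click.
const JS_SINKS = [
  /\b(?:document|window|top|self)\.location(?:\.href)?\s*=[^=]/,
  /\blocation\.(?:replace|assign)\s*\(/,
];
const META_REFRESH = /<meta[^>]+http-equiv\s*=\s*["']?refresh/i;

// Return the text of every inline <script> element.
function scriptBodies(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

function triageRedirector(html) {
  const js = scriptBodies(html).join('\n');
  // Absolute URLs held in string literals are the candidate redirect targets.
  const urls = [...js.matchAll(/(["'])(https?:\/\/[^"'\s]+)\1/g)].map((m) => m[2]);
  const hosts = [...new Set(urls.map((u) => new URL(u).host))];
  const sinks = JS_SINKS.filter((re) => re.test(js)).map(String);
  if (META_REFRESH.test(html)) sinks.push('meta refresh');
  // What a visitor would see once scripts and tags are removed.
  const visibleText = html.replace(/<script\b[\s\S]*?<\/script>/gi, '')
    .replace(/<[^>]+>/g, '').trim();
  return {
    urls,
    hosts,
    sinks,
    randomized: /Math\.random\s*\(/.test(js), // target picked at random
    // A sink plus literal targets and no visible content: the page only forwards.
    redirectOnly: sinks.length > 0 && urls.length > 0 && visibleText === '',
  };
}

console.log(triageRedirector(SAMPLE_PAGE));
```

The `hosts` list is what goes into a hosting-provider report or a proxy block list, and `redirectOnly` separates a pure forwarding stub from a legitimate page that merely mentions a URL in a script.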

I am thus guessing that the only purpose of these spam DMs is to generate money from the clicks, although I have not been able to reproduce the “spoof messages” technique that was used to send DMs to my followers.

A brief conclusion:

Do not click on links sent by DM on Twitter or Facebook.

Change your password if you did (you never know).

Run an antivirus on your computer as prevention.

Twitter accounts have been massively hacked lately; Twitter must be investigating at the moment how DMs are spoofed.

Yesterday, a friend told me that a website we know had been infected by the blackhole exploit kit, and showed me a screen capture of his antivirus blocking access to the page. I immediately decided to open a virtual machine and load the website to have a closer look. The page didn’t look suspicious at first to an average user; however, malicious code had been added at the end of the page. I decided to copy the code and analyse it.

Identification

The first thing I did, was to identify the code on the page by copying the code into my virtual machine, and copy it to a file to send it directly to Virustotal.

Virus Total Identification

As you can see in Figure 1, the exploit has been detected by some antiviruses and multiple names have been given. If you open the Virustotal link you will see that the name Blackhole.bn is the one that comes up the most often, and is thus the right malware.

Analysis :

The first thing to do, to analyse the JavaScript code of this malware, is to copy it from the infected domain to a simple HTML file created for the test.

Malicious Code

Figure 2 shows the JavaScript code, copied from the infected “index.php” file into a simple text file. As you can see, the code has been written on only one line, and is pretty difficult to read. JavaScript, like C and unlike Python, does not need indentation to run, and the “hackers” have thus tried to obfuscate their code in that manner. The first thing to do is to indent the code. We can easily obtain something like this :

Code Indented

The code is more readable, as shown in Figure 3, and some of the variables used in the code were also replaced by their actual values. For example, I replaced the variable

    dhmmy="y"

by its actual value everywhere in the code, allowing me to read code such as

    ["bo"+"d"+dmhm]

and change it into

    ["body"]

I did the same for multiple other variables; another example is :

    mafv="d"+"o"+"c"+"ument"
    [...]
    (window[mafv].body)

into

    mafv="document"
    [...]
    (window["document"].body)

These are simple code tweaks, but they allow the reader to understand what is going on, and how the code is actually executed in the browser. These tweaks lead us to understand that the obfuscated code is decrypted in the statement :

    sryneh+=String["fromCharCode"](nyuihk("0x"+(y[yozsf]))-(55));

and that the variable “sryneh” contains the decrypted code executed in the browser. To get the decrypted code, a simple

    alert(sryneh);

will do the trick. We can now load the “test.html” page we created in our virtual machine and look at what pops up in the alert message.
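The same decoding step (hex token, minus 55, `String.fromCharCode`) can be reproduced offline, so the payload text is recovered without loading the infected page in a browser at all. This is an added example, not code from the original post: it assumes `nyuihk` is an alias for `parseInt` and that `y` holds hex tokens separated by a non-hex character, and the function names, the sample payload and `landing.example` are constructed for illustration.

```javascript
// Added example: decode the payload offline instead of running the page with alert().
// Assumptions (not shown on the page): nyuihk is an alias for parseInt, y is an
// array of hex tokens, and the tokens are separated by a non-hex character.
const OFFSET = 55; // the constant subtracted in the decoding statement

// Mirror of: sryneh += String["fromCharCode"](nyuihk("0x" + y[yozsf]) - 55)
function decodeTokens(encoded, offset = OFFSET) {
  const tokens = encoded.split(/[^0-9a-fA-F]+/).filter(Boolean);
  let out = '';
  for (const tok of tokens) {
    const code = parseInt('0x' + tok, 16) - offset;
    if (!Number.isInteger(code) || code < 0 || code > 0xffff) {
      throw new RangeError(`token "${tok}" does not decode to a character`);
    }
    out += String.fromCharCode(code);
  }
  return out;
}

// Inverse operation, used only to build the constructed sample below.
function buildSample(text, sep = '!', offset = OFFSET) {
  return [...text].map((ch) => (ch.charCodeAt(0) + offset).toString(16)).join(sep);
}

// List what the decoded script defines and contacts, with URLs defanged for reports.
function summarize(decoded) {
  const urls = decoded.match(/https?:\/\/[^\s"'<>)]+/g) || [];
  const functions = [...decoded.matchAll(/function\s+([A-Za-z_$][\w$]*)/g)]
    .map((m) => m[1]);
  return {
    functions,
    urls: urls.map((u) => u.replace(/^http/, 'hxxp').replace(/\./g, '[.]')),
    touchesCookies: /document\.cookie/.test(decoded),
  };
}

// Constructed, harmless stand-in for a decoded payload (placeholder host).
const SAMPLE_PLAIN =
  'function plq09(){document.location="http://landing.example/in.php";}' +
  'function setCookie(n,v){document.cookie=n+"="+v;}';
const SAMPLE_ENCODED = buildSample(SAMPLE_PLAIN);

console.log(summarize(decodeTokens(SAMPLE_ENCODED)));
```

Decoding statically means the page's remaining script, including the redirect itself, never executes on the analysis machine.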

decrypted code

Figure 4 displays the alert message containing the decrypted code, and allows us to understand what is really going on in this exploit. Three functions were found :

function plq09()

function setCookie()

function getCookie()

The first function is the malicious function, redirecting the user to a specific website, as shown in Figure 4. The second function is used to set a cookie in the user’s browser with a specific value, to know if the code has been executed or not, and the last function is used to get the cookie, previously (or not yet) created, to be sure that the code only executes once.

The first function called “plq09()” is executed in a loop, and redirects the user to a malicious web page containing another malicious code.

Infected Website

The second website is directly flagged by Firefox as malicious. Once the warning is ignored (because the second malicious code will only infect a virtual machine), we access a second website containing another exploit, with a URL similar to this one :

A second exploit is now trying to infect our machine, however, this will not be analysed here.

How to remove Blackhole.bn :

Follow these simple steps :

Run an antivirus on your computer (yes, even if you are a mac user).

Connect to your FTP server

Download the different folders

Copy the folder into a second location (backup)

Run the antivirus on the first folder (in case, the antivirus deletes the pages, without asking)

Identify the pages affected by the code

Open these pages in a text editor and remove the malicious code.

Update your website to its latest version if you are using WordPress, Joomla or any other publishing platform.

Change all your passwords: FTP, database, mail (you do not know what has been compromised)

Update everything back on the server.

Conclusion :

Well, the blackhole exploit kit allows the attacker to learn information about you, such as your browser, and to install malicious applications on your computer, and as you have seen, the exploitation of your computer follows simple steps.

Steps followed by Blackhole.bn

If you have been infected, it is important to remove the malicious code from your webpage, as explained before, and scan your computer for malicious code that might have been installed via the last payload. If you discover the code on a website, you can contact the owner to let him know the steps to follow, and keep his website from being blacklisted.

Edit :

08/10/13: Well, the author of the blackhole exploit kit has just been arrested; read about the arrest here.

For more information on the blackhole exploit kit you can also read this document released by Trend Micro.